design-systems
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to execute @southleft/design-systems-mcp using npx. This involves fetching and running code from an external package registry (NPM) from a source not identified as a pre-approved trusted vendor.
- [COMMAND_EXECUTION]: The skill utilizes shell commands (npx) to initialize MCP servers. These commands execute third-party binaries that have the capability to perform arbitrary operations on the host system.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes data and code generated from external APIs and design system repositories.
- Ingestion points: Data entering the agent context via mcp__design_systems__search_components and mcp__magic__create_component (SKILL.md).
- Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions embedded within the fetched component data or tokens.
- Capability inventory: The skill is designed to generate React components and CSS (SKILL.md).
- Sanitization: There is no evidence of sanitization or integrity verification for the code generated by external AI services or the metadata retrieved from design system libraries.
Audit Metadata